Saturday, September 02, 2017

That Instagram hack is shaping up to be way bigger than
anyone thought

A bug in the social media company's API reportedly allowed
hackers to
gain access to account holders' phone numbers and email addresses, with
Instagram assuring everyone on Aug. 30 that it was the celebs of the world who
were targeted. But that was then.

Things are looking just a tad bit different now, with reports suggesting that as many as 6 million accounts were
possibly affected and that regular old users may have fallen victim as
well.

The company issued a new statement on Sept. 1, copping to
the fact that things may be worse than it originally admitted.

Yes, let’s release a breach notification at 5 pm on
the Friday of a big holiday weekend….

In this case, it’s The Neurology Foundation in Rhode
Island, reporting on an incident involving employee wrongdoing. You can read the full press release here. Note that although the problem was discovered months ago, notification of the
breach was delayed “as a result of law
enforcement’s investigation.” But
does that mean that law enforcement actually asked them to delay notification,
or did they just decide to delay notification themselves due to the
investigation?

And yet another breach disclosed at the beginning of a
holiday weekend – this one posted by the State
of Alaska:

September 1, 2017 ANCHORAGE – The
Alaska
Department of Health and Social Services had a security breach
that may have disclosed personal information of individuals who have interacted
with the Office
of Children’s Services. Due to the potential for stolen personal
information, DHSS urges Alaskans who have been involved with OCS to take actions
to protect themselves from identity theft.

On July 5 and July 8, two OCS computers were infected with a
Trojan horse virus, resulting in a potential HIPAA breach of more than 500
individuals. It is not yet known if the
division’s confidential information was accessed. It is possible that OCS reports and documents
containing family case files, personal information, medical diagnoses and
observations, and other related information was accessed during this breach.

We haven’t seen many data security enforcement actions
under the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, but a recent case is a good opportunity to remind entities
that they may be covered by it even if they didn’t know it.

Edward McAndrew, Kim Phan, and Zaven Sargsian of Ballard
Spahr write:

The Federal Trade Commission
(FTC) this week announced a consent
order with TaxSlayer, LLC, an online tax preparation services provider, to
settle claims that the company violated the Gramm-Leach-Bliley Act (GLBA)
Safeguards Rule and Privacy Rule.

As part of the online tax
preparation process, TaxSlayer customers are asked to provide a significant
amount of sensitive personal information, including Social Security number,
telephone number, address, income, marital status, family size, bank names, and
bank accounts.

Between October and December
2015, hackers were able to access account information for approximately 8,800
TaxSlayer customers, resulting in an unknown number of false tax returns being
filed.

As the authors note, the FTC also blogged about this case
on the FTC’s site. Lesley Fair of the FTC
writes, in part:

For a two-month period in 2015,
TaxSlayer was subject to a list validation attack, which allowed remote
attackers to access the accounts for about 8,800 TaxSlayer users. (A list validation attack, also known as
credential stuffing, is where hackers steal login credentials from one site and
then – banking on the fact that some
consumers use the same password on multiple sites – use them to
access accounts on other popular sites.) In an unknown number of cases, criminals used
the data to commit tax identity theft. They
filed fake returns with altered routing numbers and pocketed refunds they
weren’t owed. And what a mess that left
for victimized consumers. Long delays in
getting their rightful refunds, freezes or holds on their credit, and endless
hours trying to unscramble the ID theft egg.

In the proposed
complaint, the FTC alleges that TaxSlayer violated the Privacy Rule and Reg
P by failing to give customers the
privacy notices they were due. What’s more, TaxSlayer violated the Safeguards
Rule by failing to have a written
information security program, failing to
conduct the necessary risk assessment, and failing to put safeguards in place to control those risks –
specifically, the risk that remote attackers would use stolen credentials to
take over consumers’ TaxSlayer accounts and commit tax identity theft.

Tracking the settlements in
several other GLB cases, TaxSlayer must comply with the rules and will be
subject to every-other-year independent assessments for the next decade. You can file a comment about the proposed
settlement by September 29, 2017.
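Since the FTC’s complaint turns on the absence of a safeguard against exactly this attack, here is an added example of my own (not the FTC’s, not Ballard Spahr’s, and not anything TaxSlayer runs) of the kind of detection a written information security program would pair with a credential-stuffing risk assessment: a small Python script that scans login records for one source trying many different accounts in a short window, and lists the accounts that succeeded during the burst so they can be forced through a password reset. The log format, the IP addresses and usernames, and the thresholds are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login records (not real data). The format is an assumption:
# "<ISO timestamp> <source IP> <username> <LOGIN_OK|LOGIN_FAIL>"
SAMPLE_LOG = """\
2015-11-03T02:14:01 203.0.113.7 alice LOGIN_FAIL
2015-11-03T02:14:03 203.0.113.7 bob LOGIN_FAIL
2015-11-03T02:14:04 203.0.113.7 carol LOGIN_OK
2015-11-03T02:14:06 203.0.113.7 dave LOGIN_FAIL
2015-11-03T02:14:07 203.0.113.7 erin LOGIN_FAIL
2015-11-03T02:14:09 203.0.113.7 frank LOGIN_FAIL
2015-11-03T02:14:10 203.0.113.7 grace LOGIN_OK
2015-11-03T02:14:12 203.0.113.7 heidi LOGIN_FAIL
2015-11-03T02:14:13 203.0.113.7 ivan LOGIN_FAIL
2015-11-03T02:14:15 203.0.113.7 judy LOGIN_FAIL
2015-11-03T02:14:16 203.0.113.7 mallory LOGIN_FAIL
2015-11-03T02:14:18 203.0.113.7 oscar LOGIN_FAIL
2015-11-03T09:30:00 198.51.100.20 alice LOGIN_FAIL
2015-11-03T09:30:20 198.51.100.20 alice LOGIN_FAIL
2015-11-03T09:31:05 198.51.100.20 alice LOGIN_OK
"""


def parse_line(line):
    """Split one record into (timestamp, source ip, username, succeeded)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "LOGIN_OK"


def detect_credential_stuffing(log_text, window=timedelta(minutes=5),
                               min_users=10, min_fail_ratio=0.5):
    """Flag source IPs that try many *different* usernames inside one time
    window with mostly failures. A single username failing repeatedly (the
    198.51.100.20 lines above) is a brute-force or a forgetful user, not
    stuffing, so it is deliberately not flagged here."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, ok = parse_line(line)
            by_ip[ip].append((ts, user, ok))

    alerts = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window start forward until [start, end] fits in `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            in_window = events[start:end + 1]
            users = {u for _, u, _ in in_window}
            failures = sum(1 for _, _, ok in in_window if not ok)
            if len(users) >= min_users and failures / len(in_window) >= min_fail_ratio:
                compromised = sorted({u for _, u, ok in in_window if ok})
                best = alerts.get(ip)
                # keep the widest burst seen for this source
                if best is None or len(users) > best["distinct_users"]:
                    alerts[ip] = {
                        "distinct_users": len(users),
                        "attempts": len(in_window),
                        "failures": failures,
                        # accounts that logged in during the burst: treat as taken over
                        "accounts_to_reset": compromised,
                    }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

The point of the two thresholds is the difference between stuffing and brute force: stuffing shows up as breadth (many usernames, one or a few passwords each) rather than depth, and the successes inside the burst are the ones that need a reset and a second factor, not the failures.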

The same concerns just before every election. Someone is going to get burned.

In a bid to expand the reach of internet to every corner
of the world, Facebook said that it has created a data map of the human
population of 23 countries by combining government census numbers with
information obtained from satellites.

Citing
Janna Lewis, Facebook's head of strategic innovation partnerships and
sourcing, the Media reported that the mapping technology can pinpoint any
man-made structures in any country on Earth to a resolution of five metres.

I might have my students use this to record their Digital
Forensics homework. (Looks like this is
Chrome only for now.)

Loom is a free screencasting tool that works on
Chromebooks, Macs, and Windows computers. Loom is a Chrome extension. With Loom installed you can record your
desktop, an individual tab, and or your webcam. That means that you could use Loom to just
record a webcam video on a Chromebook. Of course, this also means that you can use
Loom to record your webcam while also recording your desktop. Loom recordings can be up to ten minutes long. A completed recording can be shared via
social media and email. You can also
download your recordings as MP4 files to upload to YouTube or any other video
hosting service.

Applications for Education

This is the time of year when you're likely to be
introducing some new tools to your students and or your colleagues. Creating a screencast video that your students
or colleagues can watch whenever they need reminders of how to use a tool can
save you a lot of time in the long run. Loom
makes it easy to quickly record a screencast video on almost any computer.

The federal government’s response to a Medicare data
breach that led to patient details being sold on the dark web was
“disappointing, confusing and often contemptible,” according to a former
detective who headed the Australian federal police’s investigations into high-tech
crime.

…A few days after
Guardian Australia revealed the data breach, Tudge and Hunt announced a review into the security of Medicare online.
The
government has still not announced how the breach occurred. The review’s final report is due by 30
September. The government
was warned in 2014 in a report from the auditor-general’s
department that Medicare data security procedures did not fully comply with
mandatory information security requirements.

Should be interesting to see who reacts (and how) when all
of this data is released.

Civil liberties advocates scored
a win at the California Supreme Court on Thursday with a unanimous ruling
that data gathered by police license plate readers are not generally exempt
from public disclosure under state law.

The American Civil Liberties
Union, the Electronic Frontier Foundation, and various news organizations have
sought data collected by automated license plate readers (ALPRs) to raise
awareness about how much data is collected by police on innocent civilians.

…In the aftermath
of Hurricane Harvey — which has left thousands seeking shelter — small, locally
oriented social networks like Zello are showing their strength as organizing
tools. Though social networks are an imperfect
substitute for rescue infrastructure, a listen into Zello, or a peek into
Nextdoor (where neighbors are working to inform and help each other), or even a
visit to Harvey-related Facebook groups shows why people are relying on these
networks. They are focused and intensely
local, and put critical information in front of the right audiences quickly
with little distraction or noise.

Isn’t this how deliveries were made before things like
postal services? Are there more start-up
potentials in Ye Olde Way of doing other things?

As Amazon continues to expand its retail muscle beyond its
own e-commerce portal, there’s been some activity among startups and businesses
hoping to develop systems that can help others compete better with it. Deliv,
a “crowdsourced” same-day delivery startup that currently partners with some
4,000 retailers to help them offer same-day delivery services to rival those of
Amazon, today announced that it has expanded its service to 33 markets and
1,400 cities, up from 19 markets previously.

…Deliv squarely
addresses one aspect of the commerce retail chain: getting delivery of goods
purchased online, and getting them quickly — a service and expectation that has
become a norm for many in today’s on-demand world.

“Same day delivery is quickly becoming table stakes across
every retail segment. With Deliv,
retailers can offer their customers that same exceptional level of customer experience
without the need to invest in their own asset-based delivery fleet,” said
Daphne Carmeli, CEO and founder of Deliv, in a statement.

Mark wishes to remind you that he is not running for
President in 2020.

…In an open letter published
Thursday, the executives urged the president to retain the policy, saying that
the U.S. economy would lose hundreds of billions of dollars if workers and
students currently protected by DACA were faced with deportation.

I’ll bet most of my students don’t know these tricks. (Or that they have a middle button on their two-button
mouse.)

Wells Fargo: There were nearly 70 percent more potentially
fake accounts opened than originally thought

…On Thursday, the
bank said the review of 165 million retail accounts opened from January 2009 to
September 2016 identified 3.5 million as potentially unauthorized. That is up from the 2.1 million accounts
originally identified in a narrower review that only covered 93.5 million
accounts opened from May 2011 to mid-2015.

Dorchester School District 2
officials say no student or staff member’s identity information was stolen or
compromised in a ransomware attack on the district’s computer network servers
over the summer, but that some files were corrupted and lost, and the district
was forced to pay a ransom to regain access to other data.

In a letter sent to parents and
staff Wednesday, DD2 officials revealed its operating system and database were
left disabled on 25 of the 65 servers for the district’s computer network after
they were infected with a ransomware virus during the summer.

The push to connect vehicles to
one another and to the Internet has created a role for federal agencies to
clarify its privacy protection role, the Government Accountability Office (GAO)
concluded in a report released on Monday. The government watchdog agency is worried that vehicles will continue to collect more
and more data while federal standards continue to fall behind, failing
to keep up with the pace of change in the industry.

[…]

GAO researchers contacted the
sixteen automakers responsible for 90 percent of the cars and trucks sold in
the United States and found that thirteen of them offered automobiles that
connected to the Internet. In 2014, GAO
released a report focusing on the privacy of in-car navigation devices (view report), but this
report focused specifically on systems that use a SIM card to connect to
wireless data providers to provide services such as roadside assistance or
automatic crash notification.

In response to Hurricane Harvey, U.S. Department of Health
and Human Services (HHS) Secretary Tom Price, M.D., declared a public health
emergency in Texas and Louisiana and has exercised the authority to waive
sanctions and penalties against a Texas or Louisiana covered hospital that does
not comply with the following provisions of the Health Insurance Portability
and Accountability Act (HIPAA) Privacy Rule:

The
requirements to obtain a patient’s agreement to speak with family members
or friends involved in the patient’s care

The
requirement to honor a request to opt out of the facility directory

The
requirement to distribute a notice of privacy practices

The
patient’s right to request privacy restrictions

The
patient’s right to request confidential communications

Other provisions of the Privacy Rule continue to apply,
even during the waiver period.

The more that artificial intelligence is incorporated into our computer
systems, the more it will be explored by adversaries looking for weaknesses to
exploit. Researchers from New York
University (NYU) have now demonstrated (PDF)
that convolutional neural networks (CNNs) can be backdoored to produce false
but controlled outputs.

Poisoning the machine learning (ML) engines used to detect
malware is relatively simple in concept. ML learns from data. If the data pool is poisoned, then the ML
output is also poisoned -- and cyber criminals are already attempting
to do this.

…CNNs, however, are at a
different level of complexity -- and are used, for example, to recognize and
interpret street signs by autonomous
vehicles.

In many cases, it's not financially viable for big
internet service providers like Comcast and CharterSpectrum to expand into
these communities

…Here, a look at
three rural counties, in three different states, demonstrates how country folk
are leading their communities into the digital age the best way they know how:
ingenuity, tenacity, and good old-fashioned hard work.

…Onity didn’t
patch the security flaw in its millions of vulnerable locks. In fact, no software patch could fix
it. Like so many other hardware
companies that increasingly fill every corner of modern society with tiny
computers, Onity was selling a digital product
without much of a plan to secure its future from hackers. It had no update mechanism for its locks. Every one of the electronic boards inside of
them would need to be replaced. And long
after Brocious’ revelation, Onity announced that it wouldn’t pay for those
replacements, putting the onus on its hotel customers instead. Many of those customers refused to shell out
for the fix—$25 or more per lock depending on the cost of labor—or seemed to
remain blissfully unaware of the problem.

And so instead of Brocious’ research protecting millions
of hotel rooms from larceny-minded hackers, it served up a rare, wide-open
opportunity to criminals.

Bureau of Justice Statistics Arrest Data Analysis Tool:
“This dynamic data analysis tool allows you to generate tables and figures of
arrest data from 1980 onward. You can
view national arrest estimates, customized either by age and sex or by age
group and race, for many offenses. This
tool also enables you to view data on local arrests. Select National Estimates or Agency-Level
Counts from the menu above. Use
the Annual Tables to view tables of arrest data broken down by
sex, race, age, or juvenile and adult age groups. Select Trend Tables by Sex or
Trend Tables by Race to create customized tables of long-term
trends. In National Estimates, you can also view figures of
long-term trends by sex or by race and age-arrest curves for many offenses. The underlying data are from the FBI’s Uniform Crime
Reporting (UCR) Program. BJS has
expanded on the FBI’s estimates to provide national arrest estimates detailed
by offense, sex, age, and race. The Methodology
tab describes estimation procedures and the limitations of the arrest data. The Terms & Definitions tab
explains the meaning or use of terms, including the FBI’s offense definitions. You can download output to Excel format. This User’s Guide provides
everything you need to get started.”

…This basic premise that
North Korea is targeting bitcoins is reiterated in a report
from the United Press International news agency. It says, "The CWIC Cyber Warfare Research
Center in South Korea stated a domestic exchange for bitcoin, the worldwide
cryptocurrency and digital payment system, has been the target of an attempted
hacking... CWIC's Simon Choi said it is
'not only one or two exchanges where attack attempts have been made'."

Good news out of a court in San
Francisco: a judge just issued an early ruling against LinkedIn’s abuse of the
notorious Computer
Fraud and Abuse Act (CFAA) to block a competing service from perfectly
legal uses of publicly available data on its website. LinkedIn’s behavior is just the sort of bad
development we expected after the United States Court of Appeals for the Ninth
Circuit delivered two dangerously expansive interpretations of the CFAA last
year—despite our warnings
that the decisions would be easily misused.

Within weeks after the decisions came out, LinkedIn
started sending out cease and desist letters citing the bad case
law—specifically Power Ventures—to companies it said were violating its
prohibition on scraping. One company
LinkedIn targeted was hiQ Labs, which provides analysis of data on LinkedIn
users’ publicly available profiles. LinkedIn had tolerated hiQ’s behavior for
years, but after the Power Ventures decision, it apparently saw an
opportunity to shut down a competing service. LinkedIn sent hiQ letters warning that any
future access of its website, even the public portions, were “without
permission and without authorization” and thus violations of the CFAA.

Interesting, but will customers be willing to walk to the
curb (in rain, snow, dark of night, or from their 12th floor
apartment) to retrieve their pizzas?

…Participants
will receive text messages as the self-driving vehicle approaches with
instructions on how to retrieve their pizza, which can be unlocked from a
“heatwave compartment” inside the vehicle using a unique code.

Amazon and Microsoft announced
something of a curveball this morning as they released plans to integrate Alexa
and Cortana, their respective voice-activated digital assistants.

Later this year, consumers will be able to request Cortana
support through Alexa-powered devices, such as Amazon’s range of Echo smart
speakers, while those using a Cortana-enabled device will be able to beckon
Alexa.

FBI shuts down request for files on Hillary Clinton by citing
lack of public interest

The FBI is declining to turn over files related to its
investigation of former Secretary of State Hillary Clinton’s emails by arguing
a lack of public interest in the matter.

…in a letter sent
this week and obtained by Fox News, the head of the FBI’s Records Management
Division told Clevenger that the bureau has “determined you have not
sufficiently demonstrated that the public’s interest in disclosure outweighs
personal privacy interests of the subject.”

Pennycook, Gordon and Rand, David G., Who Falls for Fake
News? The Roles of Analytic Thinking,
Motivated Reasoning, Political Ideology, and Bullshit Receptivity (August 21,
2017). Available at SSRN: https://ssrn.com/abstract=3023545

“Inaccurate beliefs pose a threat to democracy and fake
news represents a particularly egregious and direct avenue by which inaccurate
beliefs have been propagated via social media. Here we investigate the cognitive
psychological profile of individuals who fall prey to fake news. We find a consistent positive correlation
between the propensity to think analytically – as measured by the Cognitive
Reflection Test (CRT) – and the ability to differentiate fake news from real
news (“media truth discernment”). This
was true regardless of whether the article’s source was indicated (which,
surprisingly, also had no main effect on accuracy judgments). Contrary to the motivated reasoning account,
CRT was just as positively correlated with media truth discernment, if not more
so, for headlines that aligned with individuals’ political ideology relative to
those that were politically discordant. The
link between analytic thinking and media truth discernment was driven both by a
negative correlation between CRT and perceptions of fake news accuracy
(particularly among Hillary Clinton
supporters), and a positive correlation between CRT and perceptions of real
news accuracy (particularly among Donald
Trump supporters). This suggests
that factors that undermine the legitimacy of traditional news media may
exacerbate the problem of inaccurate political beliefs among Trump supporters,
who engaged in less analytic thinking and were overall less able to discern
fake from real news (regardless of the news’ political valence). We also found consistent evidence that
pseudo-profound bullshit receptivity negatively correlates with perceptions of
fake news accuracy; a correlation that is mediated by analytic thinking. Finally, analytic thinking was associated with
an unwillingness to share both fake and real news on social media. Our results
indicate that the propensity to think analytically plays an important role in
the recognition of misinformation, regardless of political valence – a finding
that opens up potential avenues for fighting fake news.”

“MISSILEMAP is an interactive
web visualization meant to aid in the understanding of information about the
capabilities and consequences of missile launches, in particular nuclear-armed
ballistic missiles. It allows for the
graphical representation of ranges, great-circle paths, accuracy (Circular
Error Probable), blast damage, and probabilities of kill (the chance that a
given weapon will put a particular amount of blast damage on a target). It was made to aid in discussions about
missile development, since the technical nature of honest-to-god “rocket
science” can make it rather impenetrable from the perspective of laymen, yet
many of the fundamental questions are key to local understanding of
geopolitical questions (e.g., “could North Korea hit my city with their latest
missile?”). It was created by Alex Wellerstein, a historian of science and
technology at the College of Arts and Letters at the Stevens
Institute of Technology, in Hoboken, New Jersey, USA. The site’s hosting is paid for by the College
of Arts and Letters. It is programmed in
Javascript, making extensive use of JQuery and the D3.js
libraries, as well as the Google Maps Web API. Professor Wellerstein is a historian of
nuclear weapons, the creator of the NUKEMAP, the author of the Restricted
Data Blog, and developed this application using Cold War-era algorithms
that have long since been declassified…”

Skype’s new ‘Interviews’ feature lets you test candidates
using a real-time code editor

Skype recently introduced a feature designed to cement its place among
business users who aren’t as interested in things like emoji reactions or “Stories.” It now
supports conducting technical interviews via its service through a new Skype Interviews
feature. From a dedicated website, interviewers can test candidates in seven programming
languages over Skype using a real-time code editor.

The feature was introduced a few days ago as a technical
preview, and currently only works in the browser version of Skype, Microsoft
tells us.

Of course, there are already a number of solutions for
conducting interviews with remote technical talent on the market, like HackerRank, Codility, Interview Zen, CoderPad,
Remoteinterview.io, HireVue’s CodeVue (née CodeEval), and others.

But the benefit to using Skype is the platform’s ubiquity,
which makes it a regular tool for doing remote video calls of any kind. Bundling in an interview testing feature
within Skype could speed up the interview process, as subjects won’t have to
switch to a different tool to complete the technical screening.

Major League Lacrosse is investigating a
massive data leak that exposed every individual player’s personal information.

According to an email the league sent to all players
Monday evening — that was in turn sent to News10NBC by a player — a link on one of their website pages mistakenly
re-directed browsers to a spreadsheet. The spreadsheet contained every player in the
league’s names, phone numbers, email and mailing addresses, Social Security
numbers and more.

Read more on WHEC.
That “more” in the personal info
sentence was defined in the email sent to players as:

“The growing market for smart home IoT devices promises
new conveniences for consumers while presenting
new challenges for preserving privacy within the home. Many smart home devices have always-on sensors
that capture users’ offline activities in their living spaces and transmit
information about these activities on the Internet. In this paper, we demonstrate that an ISP or
other network observer can infer privacy sensitive in-home activities by
analyzing Internet traffic from smart homes containing commercially-available
IoT devices even when the devices use encryption. We evaluate several strategies for mitigating
the privacy risks associated with smart home device traffic, including
blocking, tunneling, and rate-shaping. Our
experiments show that traffic shaping can effectively and practically mitigate
many privacy risks associated with smart home IoT devices. We find that 40KB/s extra bandwidth usage is
enough to protect user activities from a passive network adversary. This bandwidth cost is well within the
Internet speed limits and data caps for many smart homes.”
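The rate-shaping result in that abstract is easy to see in miniature. What follows is an added example of my own, not the authors’ code: a constructed per-second upstream trace for a hypothetical always-on device, a naive observer that infers in-home activity from traffic volume alone (encryption does not hide volume), and a constant-rate shaper that puts a fixed number of bytes on the wire every second, padding with cover traffic when the device is quiet and queueing when it is busy. The device trace, the observer’s threshold, and the 40 KB/s shaping rate (borrowed from the abstract’s figure) are all assumptions.

```python
import random


def make_device_trace(seconds=60, activity=((20, 25), (40, 43)), seed=1):
    """Constructed per-second upstream byte counts for a hypothetical always-on
    device (think of a camera): a keepalive trickle when idle, large bursts
    while an in-home event is being reported. `activity` lists [start, end)
    windows of seconds during which the device is busy."""
    rng = random.Random(seed)
    trace = []
    for t in range(seconds):
        if any(a <= t < b for a, b in activity):
            trace.append(rng.randint(30_000, 60_000))   # busy: reporting an event
        else:
            trace.append(rng.randint(100, 600))         # idle: keepalives only
    return trace


def infer_activity(trace, threshold=5_000):
    """Passive observer (the ISP's view): it cannot read the encrypted payload,
    but it can see volume, so it marks every second whose byte count exceeds
    a threshold as 'something is happening in the home'."""
    return [t for t, b in enumerate(trace) if b > threshold]


def shape_constant_rate(trace, rate):
    """Rate-shaping: put exactly `rate` bytes on the wire every second.
    Real bytes wait in a queue and drain at `rate`; whatever is left of each
    second's budget is filled with cover traffic (padding). Returns the
    wire-level trace, the total padding bytes (the bandwidth cost), and the
    largest backlog seen in the queue (the latency cost)."""
    queue, padding, max_backlog, wire = 0, 0, 0, []
    i = 0
    while i < len(trace) or queue > 0:
        if i < len(trace):
            queue += trace[i]
        i += 1
        sent_real = min(queue, rate)
        queue -= sent_real
        padding += rate - sent_real
        max_backlog = max(max_backlog, queue)
        wire.append(rate)   # the observer sees the same number every second
    return wire, padding, max_backlog


if __name__ == "__main__":
    trace = make_device_trace()
    print("unshaped, observer infers activity at seconds:", infer_activity(trace))
    wire, padding, backlog = shape_constant_rate(trace, rate=40_000)
    print("shaped, distinct per-second volumes on the wire:", sorted(set(wire)))
    print("padding bytes: %d, worst-case queueing delay: %.1f s"
          % (padding, backlog / 40_000))
```

On the unshaped trace the observer recovers both activity windows exactly; on the shaped one every second looks identical, so the same inference marks all of them and carries no information. A constant-rate shaper hides timing at any rate; what a higher rate buys is lower delay, since a rate below the device’s burst size makes the queue grow and events arrive late. That is the bandwidth-versus-latency trade the abstract is pricing at 40 KB/s, and in practice the shaping would sit at the home router so that the ISP only ever sees the padded stream.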

Interesting. You
can keep on spreading Russian propaganda but we don’t want you to profit from
it? Was that ever their primary
objective? Would kicking them off
Facebook be a better solution?

The company has already been working with outside fact-checkers like Snopes and the AP
to flag inaccurate news stories. (These
aren’t supposed to be stories that are disputed for reasons of opinion or
partisanship, but rather outright hoaxes and lies.) It also says that when a story is marked as
disputed, the link can no longer be promoted through Facebook ads.

The next step, which the company is announcing today,
involves stopping Pages that regularly share these stories from buying any
Facebook ads at all, regardless of whether or not the ad includes a disputed
link.

Menell, Peter S. and Lemley, Mark A. and Merges, Robert
P., Intellectual Property in the New Technological Age: 2017 – Chapters 1 and 2
(July 18, 2017). Intellectual Property in the New Technological Age 2017: Vol.
II Copyrights, Trademarks and State IP Protections; ISBN-13: 978-1945555077; UC
Berkeley Public Law Research Paper; Stanford Public Law Working Paper.
Available at SSRN: https://ssrn.com/abstract=2999038

“Rapid advances in digital and life sciences technology
continue to spur the evolution of intellectual property law. As professors and practitioners in this field
know all too well, Congress and the courts continue to develop intellectual
property law and jurisprudence at a rapid pace. For that reason, we have significantly
augmented and revised Intellectual Property in the New Technological Age…”

Phys.org – “Two independent studies looking at two aspects of
paywalls versus free access to research papers suggest that trouble may lie
ahead for traditional journals that continue to expect payment for access to
peer-reviewed research papers. In the
first study, a small team of researchers from the U.S. and Germany looked at
the number of freely available papers on the internet using a web extension
called Unpaywall—users enter information and the extension lists sources online
for free. In the second study, a team
with members from Canada, the U.S. and Germany looked at the popularity of a
website known as Sci-Hub that collects and freely distributes
research papers. Both groups have
written papers describing their studies and results and have uploaded them to
the PeerJ Preprints server. Free
access to research papers is a hot topic in the research
community, perhaps indicating coming changes to the status quo…”

…Dara
Khosrowshahi, who spent 12 years at the helm of Expedia Inc., held unvested stock
options in that company worth $184.4 million as of Friday’s close in New York,
according to data compiled by Bloomberg. Companies typically grant replacement awards
to executives who must forfeit unvested equity when they leave before their
employment terms have expired.

The ride-hailing company will likely also grant
Khosrowshahi additional compensation, such as an annual salary and stock awards
that vest over several years to ensure he remains on the job for the foreseeable
future. That could push his total price
tag north of $200 million.

Glitch
is a playground for coders of all kinds. Through it, you can make your own app or remix any of the
existing projects on the site. You can
be creative without the fear of breaking anything — and there are veteran
coders who are standing by to help you do it.

It’s an open and free collaborative coding site that’s
basically a miniature programming school.

Glitch gives you all the tools to instantly create, remix,
edit, and host an app, bot, or site. You
can invite collaborators who can simultaneously edit the code with you. Right now, the programming sandbox only
supports Node.js.

I have to admit, none of these seem appealing, but maybe
someone will like them.

To coincide with everyone going back to school, Amazon is
offering students a Music Unlimited subscription for just $4.99/month. That's a saving of $60 per year for non-Prime
members. But it gets even better if you
are a Prime Student member. Amazon is
offering you six months access for just $6. After that, it reverts to the $4.99/month
price as long as you remain a student.

In order to take advantage of this student offer, Amazon
requires customers first validate their status as a student. For that, Amazon uses third-party service SheerID, which apparently
happens without interruption to the customer.

Monday, August 28, 2017

Interesting to me when mainstream magazines start
reporting on Apps invading Privacy. Maybe
they are finally recognizing that, “We were planning to add a feature for
you, but we changed our mind” isn’t really an excuse. Especially when that feature would have
announced to everyone on your Contacts list that you were using the “Anonymous”
messaging App.

The anonymous messaging app, billed as a platform for
honest feedback, has reportedly also been saving all the contacts in your
phone. According to The Intercept, when users download the app for the first time, “it
immediately harvests and uploads all phone numbers and email addresses in your
address book.” In some cases, Sarahah
does ask for permission to access your contacts, but it does not disclose that
it will be saving the data to its own servers.

Sarahah’s founder, Zain al-Abidin Tawfiq, tweeted in response to The Intercept's article, saying that the contacts were
being uploaded for a planned “find your friends” feature. The feature was then delayed due to “technical
issues” and was accidentally not removed from the current version of the app. He added that “the data request will be
removed on next update.”

With weather on everyone’s mind this week, this might be a
good time to point out that AccuWeather was caught sending user location data –
even when location sharing is off.

Last week, Zack Whittaker reported:

Popular weather app AccuWeather
has been caught sending geolocation data to a third-party data monetization
firm, even when the user has switched off
location sharing.

AccuWeather is one of the most
popular weather apps in Apple’s app store, with a
near perfect four-star rating and millions of downloads to its name. But what the app doesn’t say is that it sends
sensitive data to a firm designed to monetize user locations without users’
explicit permission.

Chinese authorities have stepped up their war against free
online speech by banning web platforms from accepting comments from anonymous
users.

China's "cyberspace
administration" said in rules published Friday that internet forum providers had
to force their users to register using their real names, which they must verify, reports The
Diplomat. The web companies must also
immediately report illegal comments to the authorities, and pre-screen comments
on current affairs.

It allows telecommunications watchdog Roskomnadzor to
compile a list of so-called anonymiser services and prohibit any that fail to
respect the bans, while also requiring users of online messaging services to
identify themselves with a telephone number.

"Innovation and technology will win! We will defend our freedoms!" one
protester said, according to a broadcast of the march on YouTube.

Russia's opposition groups rely heavily on the internet to
make up for their lack of access to the mainstream media.

But the Russian authorities have been clamping down on
such online services, citing security concerns.

Germany’s government has answered the car ethics question
once and for all: driverless cars should prioritize the protection of human
life over the destruction of animals or property.

On Wednesday, the nation's Federal Ministry of Transport
and Digital Infrastructure – a curious combination that suggests they took
"information superhighway" too literally – announced it will "implement" guidelines devised
by a panel of experts scrutinizing self-driving technology.

Back in June, the ministry's ethics commission produced a report on how computer-controlled vehicles should be
programmed and designed in future. The
panel of 14 scientists and legal eggheads suggested some 20 rules autonomous
rides should follow. Now, Germany's
transport regulator has pledged to enforce them in one way or another.

Among the proposed rules are:

The
protection of human life always has top priority. If a situation on the
road goes south, and it looks as though an accident is going to happen,
the vehicle must save humans from death or injury even if it means
wrecking property or mowing down other creatures.

If
an accident is unavoidable, the self-driving ride must not make any
choices over who to save – it can't wipe out an elderly person to save a
kid, for instance. No decisions should be made on age, sex, race,
disabilities, and so on; all human lives matter.

Ultimately, drivers will still bear responsibility if
their autonomous charabanc crashes, unless it was caused by a system failure,
in which case the manufacturer is on the hook.

I always thought of fingerprints as solid science. Perhaps the procedure needs review?

Notable developments in courtrooms, academia and
government institutions, both state and federal, are laying the groundwork for
challenges to fingerprint matching. This
extensively researched, comprehensive annotated bibliography by Ken Strutin includes new and noteworthy materials
such as key opinions, significant articles and online resources concerning
accuracy, reliability, validity as well as authenticity of fingerprint
evidence. It also includes information
on scientific and technological developments that are pushing the frontiers of
biometric analysis.

Tossing the baby out with the bathwater? Are we missing an opportunity to point out the
errors in their logic and more importantly, the opportunity to laugh at them? Worth reading.

…I want to discuss an issue that's already
received plenty of attention: how various platforms -- starting with GoDaddy
and Google, but with much of the attention placed on Cloudflare -- decided to
stop serving the neo-Nazi forum site the Daily Stormer.

…Let's start with
the basics: Nazis -- both the old kind and the new kind -- are bad. My grandfather fought Nazis in Europe and
Northern Africa during WWII, and I have no interest in seeing Nazis in America
of all places. But even if you believe
that Nazis and whoever else uses the Daily Stormer are the worst of the absolute
worst, there are many other issues at play here beyond just "don't provide
them service." Of course, lots of
services are choosing not to. Indeed,
both the Washington Post and Quartz are keeping running tallies of all the services that
have been booting Nazis and other racist groups. And, I think it's fairly important to state
that these platforms have their own First Amendment rights, which allow them to
deny service to anyone. There's
certainly no fundamental First Amendment right for people to use any service
they want. That's not how free speech works.

…As many experts
in the field have noted, these things are complicated. And while I know many people have been cheering
on each and every service kicking off these users, we should be careful about
what that could lead to. Asking
platforms to be the arbiters of what speech is good and what speech is bad is
fraught with serious problems.

If nothing else, you must admit he can catch the spotlight
whenever he wants to. (Which seems to
be, every time he thinks people are beginning to forget him.)

Kim Dotcom, the file-sharing entrepreneur who is currently
fighting extradition from New Zealand to the U.S. on copyright violation
charges, has provided a glimpse of the new payments platform he says will make
it easier to reward creators for their work.

Dotcom first talked about his Bitcache micropayments platform
a year ago, when he said the bitcoin-connected system could provide a new
business model for file-sharing—this would involve those who upload copyrighted
media being able to charge downloaders small amounts. However, on the weekend
he showed off how the platform could be used.

In a YouTube
video, Dotcom showed how YouTube creators could embed a bar at the bottom
of their videos, encouraging their viewers to give them very small amounts of
money through their Bitcache accounts.


About Me

I live in Centennial Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.